1. Field of the Invention
This invention relates to an information processing apparatus adapted to generate a cryptographic key according to the key managed at a server apparatus and the ID specific to the application operating at a client apparatus, a server apparatus, a medium recording an information processing program and an information processing method.
2. Description of the Related Art
SANs (storage area networks), NASs (network attached storages) and DASs (direct attached storages) have recently been and being utilized in firms and universities in order to store and manage a vast quantity of data. In such systems, client apparatus can store data in any of the storages in and those connected to server apparatus so that the storage resources of the system can be shared to improve the efficiency of backup operations.
Additionally, the data stored outside the client apparatus are encrypted to raise the level of data storage security of the system and the cryptographic key to be used on the system is managed either by the client apparatus or by the server apparatus.
As a technique relating to the present invention, authentication methods of generating a common key at the time of authentication or at the time of sharing the key for the purpose of authentication of the partner without sharing a key are known (see, refer to Patent Document 1: Jpn. Pat. Appln. Laid-Open Publication No. 2000-182102).
However, when the client apparatus connected to a server apparatus manage the respective cryptographic keys in a system of the above-described type, each of the client apparatus need to be mounted with a key management mechanism and a key delivery mechanism for delivering the key to the server apparatus. Additionally, when a plurality of applications that are utilized by the client apparatus that manage respective cryptographic keys store data in a shared storage and the cryptographic key of one of the client apparatus leaks out all the data stored by the client apparatus can be decrypted by a data thief because the applications are encrypted by means of a same cryptographic key.
When, on the other hand, the cryptographic keys are managed by the server apparatus, any of the cryptographic keys can leak out when the server apparatus sends the cryptographic key to the proper client apparatus. Additionally, if any of the cryptographic keys managed by the server apparatus leaks out, all the encrypted and stored data that are managed by the system can be decrypted.